I Spent $500 To Test Devin AI For Prompt Injection So That You Don't Have To
Summary
Devin AI, a tool that acts as an AI software engineer, is vulnerable to prompt injection (tricking an AI by hiding malicious instructions in its input) attacks that can lead to full system compromise. By planting malicious instructions on websites or GitHub issues that Devin reads, attackers can trick it into downloading and running malware, giving them remote control over Devin's DevBox (the sandboxed environment where Devin operates) and access to any stored secrets.
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://embracethered.com/blog/posts/2025/devin-i-spent-usd500-to-hack-devin/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 92%